Demodesk integrates Microsoft 365 SSO via OAuth 2.0. It’s enabled automatically when you register or sign in using “Sign in with Microsoft.”
After the first employee signs up, your IT team can see and manage the app in the Microsoft Entra admin center under Enterprise applications → Demodesk.
What we ask for and why
We request delegated (user-level) permissions so Demodesk only acts on behalf of the signed‑in user.
OpenID scopes
email
offline_access
(used to refresh tokens without repeated login)openid
profile
Microsoft Graph scopes
Calendars.ReadWrite
: To view and create calendar eventsMail.Send
: To send emails (confirmations, reminders, etc.) for scheduling.OnlineMeetings.ReadWrite
: To read the Microsoft Teams meetings context and be able to schedule meetings (for scheduling).OnlineMeetingArtifact.Read.All
: To access meeting artifacts (e.g., recordings)User.Read
: To identify the user
Revoking access
Access can be revoked at any time:
From your Demodesk account (Connections settings)
Directly from your Microsoft/Outlook account
Access ends immediately upon disconnection.
How to enable SSO
1. Go to the Demodesk login page and choose “Sign in with Microsoft.”
2. Review and accept the requested permissions.
3. Demodesk should appear as app in Entra under "Enterprise apps"
To make your workspace “SSO-only” (disable email/password), contact support@demodesk.com.
FAQs
Q: Does Demodesk see all calendars?
A: No. Only users who connect Microsoft 365, and only their default calendar.
Q: Are these permissions and behaviors different from Scheduling?
A: Yes. Scheduling may differ - see here for more details.